Optimising LEDE (OpenWrt) for the PC Engines APU2
It builds on existing tools GnuPG and git e. There are multiple clients and extensions available and it allows you to manage your passwords transparently. The …. WireGuard is a modern VPN solution that has been getting a lot of attention recently, even earning accolades from Linus Torvalds himself.
The developer's website states the following about WireGuard :. It aims to be faster, simpler, leaner, and …. Somewhere between the last few weeks and my home server's upgrade to Debian Buster pre-releasehdparm stopped putting the disks into standby. That used to work fine, until …. This is a quick summary on how to compile an existing LineageOS tree on Linux.
LineageOS is one of the bigger Android distributions out there, so I'll provide instructions based on their tree, although most projects handle a very similar workflow, often being based on AOSP.
LineageOS offers multiple features …. Like a lot of stuff on the internet, this website is running off a VPS. Back in the days, when VPS'es weren't as ubiquitous and cheap, I used to have one with Linodeuntill I took it offline because I really wasn't using it. Then, a few years later, I …. My brother decided he wanted a multi-room audio set-up in his new house, but also wanted to be able to play separate streams in each room.
Things had to be done on a budget, so a Sonos set-up or something similar with a beefy receiver with multiple zone support was …. Bios locked lenovo people prefer to run pfSense on it, but since the rest of my hardware is already on LEDEit's easier for me to stick with that; the APU2 will manage a network running other …. Debian Testing picks it up just fine, according to dmesg :.
Let's Encrypt is a wonderful initiative providing free short-term certificates to anyone. However, it does not support Lighttpd out of the box. Lighttpd wants your private key and domain certificate bundled together …. However, that's just for the user's convenience; UCI itself is a command ….APU boards and associated accessories are readily available from resellers across Europe and North America.
Since the board can be put in the same box as the PCEngines Alix 2dBoard it might be useful to know that the ethernet device order has changed. The interfaces are now ordered as shown in the following image:. Some modules for specific APU2 features are not included by default and can be installed using opkgor by including them in a custom build. For a detailed analysis and possible mitigations on the APU2, see 3mdeb blog post.
APU boards use coreboot. Images for x86 are provided with ext4 or squashfs. It's recommended to use squashfs. For more details read this mailinglist thread and Filesystems. If you wish to write data to the same disk as OpenWrt is installed on, an ext4 filesystem with write persistence is useful. Run lsblk to choose the correct device to write to.
If you don't want to build from source, you can use the image builder. With the generic image, only the first port eth0, the one close to the serial port is active. You should configure the other ports as appropriate. Quote from the article: OpenWRT is just much better at wireless.
It outperforms pfSense by almost 2x. Since commit 7e42cba both naming schemes are supported. If LEDs aren't working, upgrade coreboot to at least v4. According to PCEngines coreboot maintainers, sdhci-pci is needed, but not included in default x86 kernel builds. See their instructions in the APU2 documentation repository.
User Tools Register Log In. Site Tools Search. Sidebar Welcome to OpenWrt. Supported Devices. Submitting patches. Wiki contribution guide.Author here Surprised to see this made it to HN. Some of them required changes to the network stack, and OpenBSD's proved to be very elegant and clean for this purpose.
Not to mention the proactively-security approach etc. Maybe the people who're going to do this need no such explanation, but the occasional visitor may appreciate a bit more story. Is there's a comparison between FreeBSD vs. OpenBSD in packets filtering, routing performance et al? Well, to the best of my understanding. This is a source of animosity between the two projects that I don't fully understand. Right now OpenBSD is in the middle of doing the same for pf and their network stack.
So the performance difference shrinks on every release. The newer pf syntax and features make writing rulesets easier, like replacing ALTQ with prio for traffic shaping. Are there differences in firewall features, or is OS-level security posture the main difference? One major drawback to OpenBSD's pf, at least from a research perspective, is its lack for extensibility. INTPenis on Nov 28, Just now learned that APU2 existed due to your post. It's a simple firewall, has no services except opensmtpd relay and pf.
All other services are inside the DMZ. It's literally, install and forget. But that's not to say you shouldn't have proper patch management. I used this guide.GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together. If nothing happens, download GitHub Desktop and try again.
If nothing happens, download Xcode and try again. If nothing happens, download the GitHub extension for Visual Studio and try again. Skip to content. Dismiss Join GitHub today GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign up. Find file. Sign in Sign up. Go back. Launching Xcode If nothing happens, download Xcode and try again. Latest commit Fetching latest commit…. This is the buildsystem for the OpenWrt Linux distribution. Please use "make menuconfig" to configure your appreciated configuration for the toolchain and firmware.
You need to have installed gcc, binutils, bzip2, flex, python, perl, make, find, grep, diff, unzip, gawk, getopt, subversion, libz-dev and libc headers. Run ". Use "make menuconfig" to configure your image. Simply running "make" will build your firmware. It will download all sources, build the cross-compile toolchain, the kernel and all choosen applications.
You will need a LaTeX distribution and the tex4ht package to build the documentation. Cygwin will not be supported because of the lack of case sensitiveness in the file system.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window.Release notes describing changes, fixes and known issues in PC Engines apux releases. Each binary or archive in case of older images is cryptographically signed by PC Engines Open Source Firmware Release Signing Key adequate to the official coreboot release i.
a generic tech blog
Legacy releases starting from v4. The keys are maintained and managed by 3mdeb company responsible for maintaining PC Engines firmware. Under each release binaries one may find an asciinema record showing example firmware signature verification using appropriate key.
The public parts of the keys are available at 3mdeb-secpack repository. For the details of the change please refer to Canary 2. Following new coreboot release 4. Since v4. The public parts of the keys may be found on 3mdeb-secpack.
The details of the change are also available on Canary 3. Some operating system have problems running with different storage medias. These table shows currently tested systems on BIOS v4. See an example how to verify the signatures on asciinema. Subscribe to our mailing list.
Release notes Release notes describing changes, fixes and known issues in PC Engines apux releases. The recommended firmware version is latest mainline v4. Reasons: most of the new features are firstly introduced here in mainline mainline version is more actively developed and maintained than legacy mainline releases have extended validation comparing to legacy due to legacy limitations related to old toolchain and codebase mainline releases are built with newest toolchains.
Mainline releases v4. Legacy releases v4. OS status Some operating system have problems running with different storage medias. Fast Boot - document describing research for Fast Boot path for apu boards. The Fast Boot was intended to restore memory configuration from non-volatile storage and reduce the boot time of the platform.GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
If nothing happens, download GitHub Desktop and try again. If nothing happens, download Xcode and try again. If nothing happens, download the GitHub extension for Visual Studio and try again. Note that all major code has been merged upstream.
This repo will provide you with an example board profile and make config to help assist in building, but is not required. Skip to content.
This repository has been archived by the owner.
It is now read-only. Dismiss Join GitHub today GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign up. Shell Makefile. Shell Branch: master. Find file. Sign in Sign up. Go back.
PC Engines APU 3
Launching Xcode If nothing happens, download Xcode and try again. Latest commit. Latest commit ed0f54a Dec 29, Building Build Only.The content of this topic has been archived on 1 May There are no obvious gaps in this topic, but there may still be some posts missing at the end. I've succesfully tested the modem using Ubuntu to exclude HW-failure. Any suggestions on what the nexts steps should be in getting the modem operational?
I dont know Good additional package is 3ginfo yet. It add next uhttpd server on port 81 and there it shows great information about BTS etc. I did these changes and LTE is working for me. About 25 - 30Mbit in range of good connected BTS. I dont need much more, so over the other interface I didnt tested yet QMI? Wow, that would be good enough for me, too. I dont know :- Good additional package is 3ginfo yet. It add next u h t t p d server on port 81 and there it shows great information about BTS etc.
Milankocvara: Thanks for that! I will check out the 3ginfo package you've suggested as it looks very useful. I will have to recheck correct SIM functionality again on my reference setup which is available on friday. The LTE-modem is working now. Swapping the modem to slot 2 solved the issue for me. This post was a great finding for me too! I think this changes shuld be pushed to main stream. To kill the connection.
But the way to make it working automaticcally it's quite hard for me. Any ideas on what might be going wrong?
Hi milankocvara, Thanks! MartijnW wrote: Hi milankocvara, Thanks! Wed Nov 16 daemon.